CORDIS - EU research results
Content archived on 2024-05-27

Privacy Incorporated Software Agent: Building a privacy guardian for the electronic age.

Final results

The PISA software components may be classified in two categories:
- A generic architectural framework;
- A set of reusable software agents that must be specialised when implementing a specific application.
The architecture is based on several technologies and protocols (the JADE platform, web services, SOAP, RMI and XML, to mention a few), and provides a specification for the organisation and functional roles of the internal components (the PISA agent platform) and for the interaction with external components (certification authorities, data mining tools, business objects). The user application layer (presentation logic) needs to be written, but the PISA demonstrators provide useful examples of how this can be done. The set of reusable software agents includes:
- Registration authority agent;
- Personal agents;
- Task agents;
- Service agents;
- Advisor agents;
- Monitor agent;
- Log agents.
The framework is scalable in the sense that different degrees of privacy may be obtained by using different combinations of agents. Through the PISA demonstrators, several performance tests have been carried out to prove the technical feasibility of the proposed architecture.
The people at Delft University of Technology were mainly involved in the PISA project for the research on the cryptographic aspects of providing privacy in agent systems. A comprehensive list of possible threats to agents and their users was drawn up. Using this list, security requirements for agent technology could be stated. Several solutions have been proposed to enhance the level of security and privacy in agent systems; all of them take the underlying threat of an untrustworthy host into account. A new method was proposed for confidential agent communication, such that even the underlying platform is not capable of eavesdropping on the communication. This is important whenever privacy is required, e.g. when personal data is exchanged. Furthermore, a new agent digital signature scheme was developed, such that the agent can sign a document without anybody having access to the private key. This is especially important in an agent environment, as the platform is in general capable of obtaining the agent's private key during the signing operation. This private key is often used to prove the agent's identity; therefore, when privacy is a strong requirement, it is necessary that the agent's private key is protected. Software agents execute tasks at locations that are not known beforehand, so these tasks must be protected as well; a simple practical approach was suggested to encrypt them. In addition to practical solutions, Delft University of Technology developed a theoretical model for mobile code. The model is based on the information-theoretic approach first developed by Shannon, extended so that it is also applicable to mobile code. New theoretical limits could therefore be derived, defining the maximum level of secrecy attainable for mobile code. Articles have been written and published on most of the results.
Privacy by design: PISA studied the case of how to incorporate privacy-protecting features into an ISA. This resulted in the handbook Privacy and PET, which includes references to all the PISA reports and publications. The purpose of this handbook is to identify whether, and if so which, privacy law rules apply to ISAs and what measures need to be implemented to create a Privacy Incorporated Software Agent (PISA).

New legal privacy issues: Legal research shows that, although an ISA cannot itself be held liable for violations because it lacks legal personhood, it must have built-in privacy protection features. This applies not only to the expression of the privacy preferences of the user of the ISA, but also to the receiving of the Personally Identifiable Information (PII) of others and the handling of privacy-sensitive data.

Security: Many threats have been identified and, based on the system model and assumptions, solutions have been provided for several of them. In particular, the use of a PKI in an agent environment has been studied and implemented. The system model and assumptions made in the security research differ from the model used in the demonstration, because we approached the problem of providing privacy and security in the long term. In the long term it is not feasible to assume that each agent platform can be trusted completely. Especially in the area of computing with encrypted data in an agent environment and making decisions on encrypted data, much research is still necessary, because the solutions shown here depend on the possibility that such techniques will become available.

Privacy audits: The Privacy Audit Framework is a work plan a privacy auditor can use in order to evaluate the compliance of a system that processes personal data with the applicable privacy legislation. For systems based on intelligent software agents this means a need for designing and implementing new features to support the audit process.
Evaluation: Currently, the Common Criteria contain the FPR class: Privacy. This is the only class relating to the evaluation of privacy compliance. It specifies and gives evaluation criteria for a small, although not unimportant, subset of privacy regulation: anonymity, pseudonymity, unlinkability and unobservability. Compliance with this class does not, in any way, guarantee that the information system is compliant with data protection legislation. Compliance auditing must mean, according to the Data Protection Authorities, carrying out a process audit whereby the flow of personal data within the organisation is checked, including any processor, from the moment the data are collected up until their destruction. The conclusion is that the Common Criteria, although their methodologies are correct, cannot at this moment in time be used as the framework for a privacy audit. Privacy obligations require that the system design process and security standards incorporate privacy requirements.

Networks: The question asked in this research was: "What is needed in order to make network communication confidential for agent systems?" Results were:
- An onion routing protocol approach for network privacy for agents, and a protocol design for privacy under IPSEC;
- An approach to make pay-TV services more privacy preserving;
- Secure routing for ad-hoc networking;
- A privacy-preserving electronic currency protocol;
- Network privacy for reputation management systems.
We implemented and tested a prototype of the agent-based onion routing protocol for operation in the JADE agent platform.
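The onion routing result above is stated without detail, so the following added example (not PISA's protocol and not the JADE prototype) illustrates the general principle it relies on: the sender wraps a message in one encryption layer per relay, each relay peels exactly one layer and learns only the next hop, and an end-to-end layer keeps the plaintext from every relay. The relay names, the pre-shared per-relay keys and the payload are constructed for the demo, and the cipher is a toy SHA-256 counter-mode stream with an HMAC tag standing in for a real AEAD.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN, ADDR_LEN = 16, 32, 8


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; a toy stand-in for a real stream cipher."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one layer: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a modified layer is rejected, not forwarded."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer failed authentication")
    ks = _keystream(key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def addr(name: str) -> bytes:
    """Fixed-width agent address (constructed naming scheme for the demo)."""
    return name.encode().ljust(ADDR_LEN, b"\0")


def build_onion(route, dest, keys, payload: bytes) -> bytes:
    """Sender side: seal end-to-end for dest, then add one layer per relay,
    innermost first. Each layer carries only the address of the next hop."""
    blob = seal(keys[dest], payload)          # end-to-end layer: relays never see the text
    next_hop = addr(dest)
    for relay in reversed(route):
        blob = seal(keys[relay], next_hop + blob)
        next_hop = addr(relay)
    return blob                               # handed to route[0]


def forward(onion: bytes, route, keys):
    """Relay side: each relay peels its own layer and learns only the next hop.
    Returns what leaves the last relay plus what every relay observed."""
    views, blob, next_hop = [], onion, b""
    for relay in route:
        inner = unseal(keys[relay], blob)
        next_hop, blob = inner[:ADDR_LEN], inner[ADDR_LEN:]
        views.append({"relay": relay,
                      "next_hop": next_hop.rstrip(b"\0").decode(),
                      "seen": blob})
    return next_hop, blob, views


def run_demo() -> dict:
    route = ["relayA", "relayB", "relayC"]
    # Constructed keys; assumes each key was agreed with the sender out of band.
    keys = {name: secrets.token_bytes(32) for name in route + ["dest"]}
    payload = b"offer: 120 EUR"
    onion = build_onion(route, "dest", keys, payload)
    final_hop, blob, views = forward(onion, route, keys)
    delivered = unseal(keys["dest"], blob)
    # Integrity check: one flipped ciphertext byte is rejected at the first relay.
    damaged = bytearray(onion)
    damaged[NONCE_LEN] ^= 0x01
    try:
        forward(bytes(damaged), route, keys)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"delivered": delivered,
            "final_hop": final_hop.rstrip(b"\0").decode(),
            "views": views,
            "tamper_detected": tamper_detected}


if __name__ == "__main__":
    result = run_demo()
    for v in result["views"]:
        print(f"{v['relay']} forwards to {v['next_hop']} ({len(v['seen'])} opaque bytes)")
    print("destination received:", result["delivered"])
```

The first relay sees the second relay's address and an opaque blob; neither the final destination nor the message text is visible to it, which is the network-privacy property the Networks result is after. The HMAC tag on every layer means a relay that alters a packet cannot have it silently forwarded, and the end-to-end layer means even the last relay, which necessarily knows the destination, never sees the plaintext.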
Scalability: The question asked in this research was: "What techniques can we use to assess the performance of security and privacy technologies for agent systems with many thousands of software agents in advance of their implementation?" We built JADE applications that use the cryptographic primitives and protocols that could be used within the PISA demonstrator, tested the performance of the overall system in agent environments ranging from one to several thousand agents, and documented all results in terms of timing and processor load. We analysed the expected performance of different possible PISA system configurations to determine the most effective system arrangement.

Human Computer Interfaces: Research on privacy and human computer interfaces is a new topic. This research consists of:
- Examination of what it means to build a trustable interface to agents, and what would be involved in trusting agents with personal information;
- A set of design guidelines for building trustable agent systems;
- Examination of privacy legislation and principles to determine HCI requirements for "usable compliance";
- A set of requirements and design solutions to satisfy the spirit of the privacy directives;
- How to effectively facilitate understanding of privacy concepts and terms;
- How to maximise the trustable nature of the interface.
